use proxy cert file (chain of certs) as easy as user cert

diff --git a/emi.canl.canl-c/examples/canl_sample_client.c b/emi.canl.canl-c/examples/canl_sample_client.c
index dfd8851..812ed06 100644 (file)
--- a/emi.canl.canl-c/examples/canl_sample_client.c
+++ b/emi.canl.canl-c/examples/canl_sample_client.c
@@ -21,12 +21,14 @@ int main(int argc, char *argv[])
     struct timeval timeout;
     char *serv_cert = NULL;
     char *serv_key = NULL;
+    char *proxy_cert = NULL;
 
     while ((opt = getopt(argc, argv, "hp:s:c:k:")) != -1) {
         switch (opt) {
             case 'h':
                 fprintf(stderr, "Usage: %s [-p port] [-c certificate]"
-                        " [-k private key] [-d ca_dir] [-h] \n", argv[0]);
+                        " [-k private key] [-d ca_dir] [-h] "
+                        " [-s server] [-x proxy certificate] \n", argv[0]);
                 exit(0);
             case 'p':
                 port = atoi(optarg);
@@ -40,9 +42,13 @@ int main(int argc, char *argv[])
             case 'k':
                 serv_key = optarg;
                 break;
+            case 'x': 
+                proxy_cert = optarg;
+                break;
             default: /* '?' */
                 fprintf(stderr, "Usage: %s [-p port] [-c certificate]"
-                        " [-k private key] [-d ca_dir] [-h] \n", argv[0]);
+                        " [-k private key] [-d ca_dir] [-h] "
+                        " [-s server] [-x proxy certificate] \n", argv[0]);
                 exit(-1);
         }
     }
@@ -64,7 +70,8 @@ int main(int argc, char *argv[])
     }
     
     if (serv_cert || serv_key){
-        err = canl_ctx_set_ssl_cred(my_ctx, serv_cert, serv_key, NULL, NULL);
+        err = canl_ctx_set_ssl_cred(my_ctx, serv_cert, serv_key, proxy_cert,
+                                     NULL, NULL);
         if (err) {
             printf("[CLIENT] cannot set certificate or key to context: %s\n",
                     canl_get_error_message(my_ctx));

diff --git a/emi.canl.canl-c/examples/canl_sample_server.c b/emi.canl.canl-c/examples/canl_sample_server.c
index 67e9068..f1558be 100644 (file)
--- a/emi.canl.canl-c/examples/canl_sample_server.c
+++ b/emi.canl.canl-c/examples/canl_sample_server.c
@@ -65,7 +65,8 @@ int main(int argc, char *argv[])
     }
 
     if (serv_cert || serv_key){
-       err = canl_ctx_set_ssl_cred(my_ctx, serv_cert, serv_key, NULL, NULL);
+       err = canl_ctx_set_ssl_cred(my_ctx, serv_cert, serv_key, NULL, 
+                                    NULL, NULL);
         if (err) {
             printf("[SERVER] cannot set certificate or key to context: %s\n",
                   canl_get_error_message(my_ctx));

diff --git a/emi.canl.canl-c/src/canl_ssl.c b/emi.canl.canl-c/src/canl_ssl.c
index cab9b4b..ee07f9c 100644 (file)
--- a/emi.canl.canl-c/src/canl_ssl.c
+++ b/emi.canl.canl-c/src/canl_ssl.c
@@ -889,7 +889,7 @@ ssl_finish(glb_ctx *cc, void *ctx)
 
 /*maybe move to better file*/
 canl_err_code 
-canl_ctx_set_ssl_cred(canl_ctx cc, char *cert, char *key,
+canl_ctx_set_ssl_cred(canl_ctx cc, char *cert, char *key, char *proxy,
         canl_password_callback cb, void *userdata)
 {
     glb_ctx *glb_cc = (glb_ctx*) cc;
@@ -904,7 +904,7 @@ canl_ctx_set_ssl_cred(canl_ctx cc, char *cert, char *key,
         return EINVAL;
     }
 
-    err = do_set_ctx_own_cert_file(glb_cc, m_ctx, cert, key, NULL);
+    err = do_set_ctx_own_cert_file(glb_cc, m_ctx, cert, key, proxy);
     if(err) {
 //        update_error(glb_cc, "can't set cert or key to context");
     }

diff --git a/emi.canl.canl-c/src/canl_ssl.h b/emi.canl.canl-c/src/canl_ssl.h
index e3967ed..09f01fd 100644 (file)
--- a/emi.canl.canl-c/src/canl_ssl.h
+++ b/emi.canl.canl-c/src/canl_ssl.h
@@ -15,7 +15,7 @@ canl_ctx CANL_CALLCONV
 canl_ctx_set_ssl_flags(canl_ctx, unsigned int);
 
 canl_err_code CANL_CALLCONV
-canl_ctx_set_ssl_cred(canl_ctx, char *, char *key,
+canl_ctx_set_ssl_cred(canl_ctx, char *, char *key, char *proxy,
                      canl_password_callback, void *);
 
 canl_err_code CANL_CALLCONV